{
  lib,
  config,
  inputs,
  pkgs,
  ...
}:
let
  inherit (config.networking) domain;
  inherit (config.serverConfig) ports vhosts;
in
{
  services.gitea = {
    enable = true;
    settings = {
      service.DISABLE_REGISTRATION = true;
      server = {
        HTTP_PORT = vhosts.gitea_host.port;
        ROOT_URL = "https://${vhosts.gitea_host.host}/";
        DISABLE_SSH = false;
        SSH_DOMAIN = domain;
        START_SSH_SERVER = true;
        BUILTIN_SSH_SERVER_USER = "git";
        SSH_PORT = ports.gitea_ssh_port.port;
        # SSH_LISTEN_HOST="::"; # fixme?
        # SSH_AUTHORIZED_PRINCIPALS_ALLOW="username";
      };
      # log.LEVEL = "Debug";
      "ssh.minimum_key_sizes".RSA = 2048;
      "git.timeout".MIGRATE = 6000;
    };
    lfs.enable = true;
  };

  environment.systemPackages = with pkgs; [ gitea ];
}